Merge pull request #15055 from ninjadq/health_check_url_2_dn_instead_of_ip

Add IPv6 support
2024-09-20 16:35:44 +00:00 · 2021-06-03 17:57:55 +08:00 · 2021-06-03 17:57:55 +08:00 · 0867a6bfd6
commit 0867a6bfd6
parent ea35e7b9ec 1b6b47f860
10 changed files with 39 additions and 34 deletions
--- a/make/photon/chartserver/Dockerfile
+++ b/make/photon/chartserver/Dockerfile
@ -20,4 +20,4 @@ ENTRYPOINT ["./docker-entrypoint.sh"]
 VOLUME ["/chart_storage"]
-HEALTHCHECK --interval=30s --timeout=10s --retries=3 CMD curl -sS http://127.0.0.1:9999/health || curl -k -sS https://127.0.0.1:9443/health || exit 1
+HEALTHCHECK --interval=30s --timeout=10s --retries=3 CMD curl -sS http://localhost:9999/health || curl -k -sS https://localhost:9443/health || exit 1
--- a/make/photon/core/Dockerfile
+++ b/make/photon/core/Dockerfile
@ -2,7 +2,7 @@ ARG harbor_base_image_version
 ARG harbor_base_namespace
 FROM ${harbor_base_namespace}/harbor-core-base:${harbor_base_image_version}
-HEALTHCHECK CMD curl --fail -s http://127.0.0.1:8080/api/v2.0/ping || curl -k --fail -s https://127.0.0.1:8443/api/v2.0/ping || exit 1
+HEALTHCHECK CMD curl --fail -s http://localhost:8080/api/v2.0/ping || curl -k --fail -s https://localhost:8443/api/v2.0/ping || exit 1
 COPY ./make/photon/common/install_cert.sh /harbor/
 COPY ./make/photon/core/entrypoint.sh /harbor/
 COPY ./make/photon/core/harbor_core /harbor/
--- a/make/photon/jobservice/Dockerfile
+++ b/make/photon/jobservice/Dockerfile
@ -19,6 +19,6 @@ USER harbor
 VOLUME ["/var/log/jobs/"]
-HEALTHCHECK CMD curl --fail -s http://127.0.0.1:8080/api/v1/stats || curl -sk --fail --key /etc/harbor/ssl/job_service.key --cert /etc/harbor/ssl/job_service.crt https://127.0.0.1:8443/api/v1/stats || exit 1
+HEALTHCHECK CMD curl --fail -s http://localhost:8080/api/v1/stats || curl -sk --fail --key /etc/harbor/ssl/job_service.key --cert /etc/harbor/ssl/job_service.crt https://localhost:8443/api/v1/stats || exit 1
 ENTRYPOINT ["/harbor/entrypoint.sh"]
--- a/make/photon/nginx/Dockerfile
+++ b/make/photon/nginx/Dockerfile
@ -6,7 +6,7 @@ VOLUME /var/cache/nginx /var/log/nginx /run
 STOPSIGNAL SIGQUIT
-HEALTHCHECK CMD curl --fail -s http://127.0.0.1:8080 || exit 1
+HEALTHCHECK CMD curl --fail -s http://localhost:8080 || exit 1
 USER nginx
--- a/make/photon/portal/Dockerfile
+++ b/make/photon/portal/Dockerfile
@ -38,7 +38,7 @@ VOLUME /var/cache/nginx /var/log/nginx /run
 STOPSIGNAL SIGQUIT
-HEALTHCHECK CMD curl --fail -s http://127.0.0.1:8080 || curl -k --fail -s https://127.0.0.1:8443 || exit 1
+HEALTHCHECK CMD curl --fail -s http://localhost:8080 || curl -k --fail -s https://localhost:8443 || exit 1
 USER nginx
 CMD ["nginx", "-g", "daemon off;"]
--- a/make/photon/prepare/templates/docker_compose/docker-compose.yml.jinja
+++ b/make/photon/prepare/templates/docker_compose/docker-compose.yml.jinja
@ -22,6 +22,7 @@ services:
        target: /etc/rsyslog.d/rsyslog_docker.conf
    ports:
      - 127.0.0.1:1514:10514
      - ::1:1514:10514
    networks:
      - harbor
  registry:
@ -67,7 +68,7 @@ services:
    logging:
      driver: "syslog"
      options:
-        syslog-address: "tcp://127.0.0.1:1514"
+        syslog-address: "tcp://localhost:1514"
        tag: "registry"
  registryctl:
    image: goharbor/harbor-registryctl:{{version}}
@ -111,7 +112,7 @@ services:
    logging:
      driver: "syslog"
      options:
-        syslog-address: "tcp://127.0.0.1:1514"
+        syslog-address: "tcp://localhost:1514"
        tag: "registryctl"
 {% if external_database == False %}
  postgresql:
@ -142,7 +143,7 @@ services:
    logging:
      driver: "syslog"
      options:
-        syslog-address: "tcp://127.0.0.1:1514"
+        syslog-address: "tcp://localhost:1514"
        tag: "postgresql"
    shm_size: '1gb'
 {% endif %}
@ -209,7 +210,7 @@ services:
    logging:
      driver: "syslog"
      options:
-        syslog-address: "tcp://127.0.0.1:1514"
+        syslog-address: "tcp://localhost:1514"
        tag: "core"
  portal:
    image: goharbor/harbor-portal:{{version}}
@ -242,7 +243,7 @@ services:
    logging:
      driver: "syslog"
      options:
-        syslog-address: "tcp://127.0.0.1:1514"
+        syslog-address: "tcp://localhost:1514"
        tag: "portal"
  jobservice:
@ -281,7 +282,7 @@ services:
    logging:
      driver: "syslog"
      options:
-        syslog-address: "tcp://127.0.0.1:1514"
+        syslog-address: "tcp://localhost:1514"
        tag: "jobservice"
 {% if external_redis == False %}
  redis:
@ -309,7 +310,7 @@ services:
    logging:
      driver: "syslog"
      options:
-        syslog-address: "tcp://127.0.0.1:1514"
+        syslog-address: "tcp://localhost:1514"
        tag: "redis"
 {% endif %}
  proxy:
@ -364,7 +365,7 @@ services:
    logging:
      driver: "syslog"
      options:
-        syslog-address: "tcp://127.0.0.1:1514"
+        syslog-address: "tcp://localhost:1514"
        tag: "proxy"
 {% if with_notary %}
  notary-server:
@ -404,7 +405,7 @@ services:
    logging:
      driver: "syslog"
      options:
-        syslog-address: "tcp://127.0.0.1:1514"
+        syslog-address: "tcp://localhost:1514"
        tag: "notary-server"
  notary-signer:
    image: goharbor/notary-signer-photon:{{notary_version}}
@ -445,7 +446,7 @@ services:
    logging:
      driver: "syslog"
      options:
-        syslog-address: "tcp://127.0.0.1:1514"
+        syslog-address: "tcp://localhost:1514"
        tag: "notary-signer"
 {% endif %}
 {% if with_trivy %}
@ -484,7 +485,7 @@ services:
    logging:
      driver: "syslog"
      options:
-        syslog-address: "tcp://127.0.0.1:1514"
+        syslog-address: "tcp://localhost:1514"
        tag: "trivy-adapter"
    env_file:
      ./common/config/trivy-adapter/env
@ -528,7 +529,7 @@ services:
    logging:
      driver: "syslog"
      options:
-        syslog-address: "tcp://127.0.0.1:1514"
+        syslog-address: "tcp://localhost:1514"
        tag: "chartmuseum"
    env_file:
      ./common/config/chartserver/env
@ -555,7 +556,7 @@ services:
    logging:
      driver: "syslog"
      options:
-        syslog-address: "tcp://127.0.0.1:1514"
+        syslog-address: "tcp://localhost:1514"
        tag: "exporter"
 {% endif %}
 networks:
--- a/make/photon/registry/Dockerfile
+++ b/make/photon/registry/Dockerfile
@ -11,7 +11,7 @@ RUN chown -R harbor:harbor /etc/pki/tls/certs \
    && chown harbor:harbor /home/harbor/install_cert.sh && chmod u+x /home/harbor/install_cert.sh \
    && chown harbor:harbor /usr/bin/registry_DO_NOT_USE_GC && chmod u+x /usr/bin/registry_DO_NOT_USE_GC
-HEALTHCHECK CMD curl --fail -s http://127.0.0.1:5000 || curl -k --fail -s https://127.0.0.1:5443 || exit 1
+HEALTHCHECK CMD curl --fail -s http://localhost:5000 || curl -k --fail -s https://localhost:5443 || exit 1
 USER harbor
--- a/make/photon/registryctl/Dockerfile
+++ b/make/photon/registryctl/Dockerfile
@ -14,7 +14,7 @@ RUN chown -R harbor:harbor /etc/pki/tls/certs \
    && chown harbor:harbor /home/harbor/install_cert.sh && chmod u+x /home/harbor/install_cert.sh
-HEALTHCHECK CMD curl --fail -s http://127.0.0.1:8080/api/health || curl -sk --fail --key /etc/harbor/ssl/registryctl.key --cert /etc/harbor/ssl/registryctl.crt https://127.0.0.1:8443/api/health || exit 1
+HEALTHCHECK CMD curl --fail -s http://localhost:8080/api/health || curl -sk --fail --key /etc/harbor/ssl/registryctl.key --cert /etc/harbor/ssl/registryctl.crt https://localhost:8443/api/health || exit 1
 VOLUME ["/var/lib/registry"]
--- a/make/photon/trivy-adapter/Dockerfile
+++ b/make/photon/trivy-adapter/Dockerfile
@ -16,7 +16,7 @@ RUN chown -R scanner:scanner /etc/pki/tls/certs \
    && chown scanner:scanner /home/scanner/bin/scanner-trivy && chmod u+x /home/scanner/bin/scanner-trivy \
    && chown scanner:scanner /home/scanner/install_cert.sh && chmod u+x /home/scanner/install_cert.sh
-HEALTHCHECK --interval=30s --timeout=10s --retries=3 CMD curl --fail -s http://127.0.0.1:8080/probe/healthy || curl -k --fail -s https://127.0.0.1:8443/probe/healthy || exit 1
+HEALTHCHECK --interval=30s --timeout=10s --retries=3 CMD curl --fail -s http://localhost:8080/probe/healthy || curl -k --fail -s https://localhost:8443/probe/healthy || exit 1
 ENV TRIVY_VERSION=${trivy_version}
--- a/tests/generateCerts.sh
+++ b/tests/generateCerts.sh
@ -1,8 +1,12 @@
 #!/usr/bin/env bash
 # These certs file is only for Harbor testing.
-IP='127.0.0.1'
+CN='127.0.0.1'
-if [ ! -z "$1" ]; then IP=$1; fi
+
 IPV4_REGEX='((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])'
 IPV6_REGEX='(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))'
 TEMP_FILENAME='temp'
 if [ ! -z "$1" ]; then CN=$1; fi
 OPENSSLCNF=
 DATA_VOL='/data'
 CUR_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
@ -23,23 +27,23 @@ fi
 #    -x509 -days 365 -out $CUR_DIR/harbor_ca.crt -subj '/C=CN/ST=PEK/L=Bei Jing/O=VMware/CN=HarborCA'
 # Generate a Certificate Signing Request
-if echo $IP|grep -E '^([0-9]+\.){3}[0-9]+$' ; then
+if [[ $CN =~ $IPV4_REGEX ]] || [[ $CN =~ $IPV6_REGEX ]] ; then
 openssl req \
-    -newkey rsa:4096 -nodes -sha256 -keyout $IP.key \
+    -newkey rsa:4096 -nodes -sha256 -keyout $TEMP_FILENAME.key \
-    -out $IP.csr -subj "/C=CN/ST=PEK/L=Bei Jing/O=VMware/CN=HarborManager"
+    -out $TEMP_FILENAME.csr -subj "/C=CN/ST=PEK/L=Bei Jing/O=VMware/CN=HarborManager"
-echo subjectAltName = IP:$IP > extfile.cnf
+echo subjectAltName = IP:$CN > extfile.cnf
 else
 openssl req \
-    -newkey rsa:4096 -nodes -sha256 -keyout $IP.key \
+    -newkey rsa:4096 -nodes -sha256 -keyout $TEMP_FILENAME.key \
-    -out $IP.csr -subj "/C=CN/ST=PEK/L=Bei Jing/O=VMware/CN=$IP"
+    -out $TEMP_FILENAME.csr -subj "/C=CN/ST=PEK/L=Bei Jing/O=VMware/CN=$CN"
-echo subjectAltName = DNS.1:$IP > extfile.cnf
+echo subjectAltName = DNS.1:$CN > extfile.cnf
 fi
 # Generate the certificate of local registry host
-openssl x509 -req -days 365 -sha256 -in $IP.csr -CA $CUR_DIR/harbor_ca.crt \
+openssl x509 -req -days 365 -sha256 -in $TEMP_FILENAME.csr -CA $CUR_DIR/harbor_ca.crt \
-	-CAkey $CUR_DIR/harbor_ca.key -CAcreateserial -extfile extfile.cnf -out $IP.crt
+	-CAkey $CUR_DIR/harbor_ca.key -CAcreateserial -extfile extfile.cnf -out $TEMP_FILENAME.crt
 # Copy to harbor default location
 mkdir -p $DATA_VOL/cert
-cp $IP.crt $DATA_VOL/cert/server.crt
+cp $TEMP_FILENAME.crt $DATA_VOL/cert/server.crt
-cp $IP.key $DATA_VOL/cert/server.key
+cp $TEMP_FILENAME.key $DATA_VOL/cert/server.key
`@ -20,4 +20,4 @@ ENTRYPOINT ["./docker-entrypoint.sh"]`

	`VOLUME ["/chart_storage"]`	`VOLUME ["/chart_storage"]`

	`HEALTHCHECK --interval=30s --timeout=10s --retries=3 CMD curl -sS http://127.0.0.1:9999/health \|\| curl -k -sS https://127.0.0.1:9443/health \|\| exit 1`	`HEALTHCHECK --interval=30s --timeout=10s --retries=3 CMD curl -sS http://localhost:9999/health \|\| curl -k -sS https://localhost:9443/health \|\| exit 1`